100 TCC employees affected in recent data breach

Officials at TCC are discussing a major data breach that has affected 100 employees. Credit: WAVY/Lex Gray

NORFOLK, Va. (WAVY) — A hundred employees at Tidewater Community College have been victimized by a recent data breach, college officials confirm.

The major data breach was announced last Friday, which resulted in the personal data being stolen from more than 3,000 employees.

TCC President Edna V. Baehre-Kolovani explained the breach and took questions from nearly 100 employees who attended a town hall meeting Wednesday afternoon.

A hacker impersonated a TCC employee earlier this month, and requested social security numbers and other tax information for all 2015 employees, according to Kolovani.

The sender’s email address appeared legitimate, Kolovani said, so the worker sent the file, compromising the information of all of TCC’s 3,193 employees.

Since the college made employees aware of the issue, 100 have reported that when they tried to file their tax returns, they found out someone else already had done so.

Kolovani called it a sophisticated scam that targeted nearly all Virginia higher education institutions, but none of the agencies investigating it could confirm that to 10 On Your Side.

The IRS sent out an alert about the scam on March 1, one day before the TCC breach, but Kolovani said the college has no record of receiving that warning.

Since the college learned of the breach March 24, it has notified employees, sent out information about credit monitoring, and set up an FAQ on its website.

“We have nothing to hide, so the more transparent we are […] the better off we’ll be,” said Kolovani.

TCC employee Gela Jones told 10 On Your Side she’s not quite satisfied by promises of transparency and openness.

“It should have been prevented, because that is very confidential, high-level information,” Jones said. “I don’t think people were trained effectively or efficiently, so it was easy to do, because the training wasn’t there.”

TCC is reviewing its policies about who can access sensitive information, and plans to more rigorously train employees in cybersecurity, according to Kolovani.

Virginia State Police and FBI spokespersons said they could not provide any updates about the investigation.

Comments are closed.